From nobody Thu Apr 25 23:51:41 2024
Delivered-To: importer@patchew.org
Received-SPF: pass (zohomail.com: domain of groups.io designates
 66.175.222.108 as permitted sender) client-ip=66.175.222.108;
 envelope-from=bounce+27952+89643+1787277+3901457@groups.io;
 helo=mail02.groups.io;
Authentication-Results: mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as
 permitted sender)
  smtp.mailfrom=bounce+27952+89643+1787277+3901457@groups.io;
	dmarc=fail(p=none dis=none)  header.from=intel.com
ARC-Seal: i=1; a=rsa-sha256; t=1652167165; cv=none;
	d=zohomail.com; s=zohoarc;
	b=mBJkZbpR1t14hazugXU/wsYucF5g+A9HAb41VG3MABv1CKnDxG0cvaWbQTK/HWk5cEipGMouXuXjVHJ4onSP0PrXlNbAnoiOHmyqtaGI58iQQlGNe+vu9V8GRDduRrQ84ONV03U6ffsC1gd9m74UBGsilFi5hNB0qlaFJsobRow=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com;
 s=zohoarc;
	t=1652167165;
 h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To;
	bh=1uAT2cTeUCCuWtVpgBLmyurXAU/Gp/REhgQwXCb3Arg=;
	b=cKezu5awnvEXKa6yaur4kvf+bxyfY7kUkq5oyEdCf8ufxIt+3KhTUjFSqTpdUUs/vD8SHtYULWRlrA19UYGlXpuxWeKlfGLEiS1tAu9CMEUrATiTrG6ROVh9hPa4vE/8uNOeeiKXO/Nh3AEyZ7vi7CpqRkgyMlU64vX7CUsQdwk=
ARC-Authentication-Results: i=1; mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as
 permitted sender)
  smtp.mailfrom=bounce+27952+89643+1787277+3901457@groups.io;
	dmarc=fail header.from=<yi1.li@intel.com> (p=none dis=none)
Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by
 mx.zohomail.com
	with SMTPS id 1652167165729444.4359269760007;
 Tue, 10 May 2022 00:19:25 -0700 (PDT)
Return-Path: <bounce+27952+89643+1787277+3901457@groups.io>
X-Received: by 127.0.0.2 with SMTP id Qz8EYY1788612xSIo2Gcif4E;
 Tue, 10 May 2022 00:19:25 -0700
X-Received: from mga01.intel.com (mga01.intel.com [192.55.52.88])
 by mx.groups.io with SMTP id smtpd.web11.6777.1652167156561604354
 for <devel@edk2.groups.io>;
 Tue, 10 May 2022 00:19:24 -0700
X-IronPort-AV: E=McAfee;i="6400,9594,10342"; a="294517590"
X-IronPort-AV: E=Sophos;i="5.91,213,1647327600";
   d="scan'208";a="294517590"
X-Received: from orsmga008.jf.intel.com ([10.7.209.65])
  by fmsmga101.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384;
 10 May 2022 00:19:24 -0700
X-IronPort-AV: E=Sophos;i="5.91,213,1647327600";
   d="scan'208";a="593355347"
X-Received: from shwdejointd178.ccr.corp.intel.com ([10.239.153.103])
  by orsmga008-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384;
 10 May 2022 00:19:22 -0700
From: "yi1 li" <yi1.li@intel.com>
To: devel@edk2.groups.io
Cc: Yi Li <yi1.li@intel.com>,
	Jiewen Yao <jiewen.yao@intel.com>,
	Jian J Wang <jian.j.wang@intel.com>,
	Xiaoyu Lu <xiaoyu1.lu@intel.com>,
	Guomin Jiang <guomin.jiang@intel.com>,
	Gerd Hoffmann <kraxel@redhat.com>
Subject: [edk2-devel] [PATCH V4 3/5] CryptoPkg: Update process_files.pl to
 automatically add PCD config option
Date: Tue, 10 May 2022 15:19:05 +0800
Message-Id: 
 <9d0a6d2ec8f543909e8d1c59a8ae62b71b6d9a35.1652166965.git.yi1.li@intel.com>
In-Reply-To: <cover.1652166965.git.yi1.li@intel.com>
References: <cover.1652166965.git.yi1.li@intel.com>
MIME-Version: 1.0
Precedence: Bulk
List-Unsubscribe: <mailto:devel+unsubscribe@edk2.groups.io>
List-Subscribe: <mailto:devel+subscribe@edk2.groups.io>
List-Help: <mailto:devel+help@edk2.groups.io>
Sender: devel@edk2.groups.io
List-Id: <devel.edk2.groups.io>
Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io
Reply-To: devel@edk2.groups.io,yi1.li@intel.com
X-Gm-Message-State: E2gVQu6dmEfmhIM1hlZp3Kdzx1787277AA=
Content-Transfer-Encoding: quoted-printable
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io;
 q=dns/txt; s=20140610; t=1652167165;
 bh=NEuvCpA4hLmzIrwdx2IdsX9eq6BtSsFH/eGtTUzO57w=;
 h=Cc:Date:From:Reply-To:Subject:To;
 b=JgSiKFYTrevs0AyGV+T3TOFr1+A/vNc+1axUODa6e5EOSD3+pTsHpYrS9/xnjBT7aSL
 6bHacXhYLO6I3nUIDZ2mRPcknLJyJdUZAFfXDwgVrJUkJJx1BtgfZBh5X38wGAOECrcZm
 YMyYGmaunD6PlAd8D2tSrJzyhXMHG0PeyN8=
X-ZohoMail-DKIM: pass (identity @groups.io)
X-ZM-MESSAGEID: 1652167167082100006
Content-Type: text/plain; charset="utf-8"

Recommend from Gerd:
(2) Keep the EC config option, but update process_files.pl to
  automatically add the PcdEcEnabled config option handling
  to the files it generates.

When remove 'no-ec' from openssl configure list, will automatically remove
'OPENSSL_NO_EC', 'OPENSSL_NO_ECDH', 'OPENSSL_NO_ECDSA', 'OPENSSL_NO_TLS1_3',
form header, and add '/ec/.', '/sm2/.' files to INF files.

Signed-off-by: Yi Li <yi1.li@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Xiaoyu Lu <xiaoyu1.lu@intel.com>
Cc: Guomin Jiang <guomin.jiang@intel.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
---
 CryptoPkg/Library/OpensslLib/process_files.pl | 77 ++++++++++++++++++-
 1 file changed, 74 insertions(+), 3 deletions(-)

diff --git a/CryptoPkg/Library/OpensslLib/process_files.pl b/CryptoPkg/Libr=
ary/OpensslLib/process_files.pl
index 2ebfbbbca0de..545f2182842b 100755
--- a/CryptoPkg/Library/OpensslLib/process_files.pl
+++ b/CryptoPkg/Library/OpensslLib/process_files.pl
@@ -81,6 +81,19 @@ my $uefi_config;
 my $extension;
 my $arch;
 my @inf;
+#
+# Use PCD to conditionally enable certain openssl features.
+# $conditional_feature contains pcd_name:fetures_names pairs
+# of conditional features.
+# @conditional_feature_dir contains relative_path:pcd_name pairs
+# of conditional features in openssl, MUST correspond to the content
+# in $conditional_feature.
+#
+# Configure list [openssl_configuration : new_define_list : new_file_list =
: pcd]
+# 1. no-ec : {NO_EC, NO_ECDH, NO_ECDSA, NO_TLS1_3, NO_SM2} : {/ec/, /sm2/}=
 : PcdOpensslEcEnabled
+#
+my %conditional_feature =3D ("PcdOpensslEcEnabled"=3D>["EC", "ECDH", "ECDS=
A", "TLS1_3", "SM2"]);
+my %conditional_feature_dir =3D ("/ec/"=3D>"PcdOpensslEcEnabled", "/sm2/"=
=3D>"PcdOpensslEcEnabled");
=20
 BEGIN {
     $inf_file =3D "OpensslLib.inf";
@@ -282,7 +295,13 @@ foreach my $product ((@{$unified_info{libraries}},
                 push @sslfilelist, '  $(OPENSSL_PATH)/' . $s . "\r\n";
                 next;
             }
-            push @cryptofilelist, '  $(OPENSSL_PATH)/' . $s . "\r\n";
+            push @cryptofilelist, '  $(OPENSSL_PATH)/' . $s;
+            foreach (keys(%conditional_feature_dir)) {
+                if ($s =3D~ $_) {
+                    push @cryptofilelist, '      |*|*|*|gEfiCryptoPkgToken=
SpaceGuid.' . $conditional_feature_dir{$_};
+                }
+            }
+            push @cryptofilelist, "\r\n";
         }
     }
 }
@@ -311,7 +330,13 @@ foreach (@headers){
     push @sslfilelist, '  $(OPENSSL_PATH)/' . $_ . "\r\n";
     next;
   }
-  push @cryptofilelist, '  $(OPENSSL_PATH)/' . $_ . "\r\n";
+  push @cryptofilelist, '  $(OPENSSL_PATH)/' . $_;
+  foreach my $conditional_key (keys(%conditional_feature_dir)) {
+    if ($_ =3D~ $conditional_key) {
+        push @cryptofilelist, '      |*|*|*|gEfiCryptoPkgTokenSpaceGuid.' =
. $conditional_feature_dir{$conditional_key};
+    }
+  }
+  push @cryptofilelist, "\r\n";
 }
=20
=20
@@ -416,7 +441,7 @@ print "\n--> Duplicating opensslconf.h into Include/ope=
nssl ... ";
 system(
     "perl -pe 's/\\n/\\r\\n/' " .
     "< " . $OPENSSL_PATH . "/include/openssl/opensslconf.h " .
-    "> " . $OPENSSL_PATH . "/../../Include/openssl/opensslconf.h"
+    "> " . $OPENSSL_PATH . "/../../Include/openssl/opensslconf_generated.h"
     ) =3D=3D 0 ||
     die "Cannot copy opensslconf.h!";
 print "Done!";
@@ -428,6 +453,52 @@ system(
     "> " . $OPENSSL_PATH . "/../../Include/crypto/dso_conf.h"
     ) =3D=3D 0 ||
     die "Cannot copy dso_conf.h!";
+print "Done!";
+
+#
+# Add conditional feature to opensslconf.h
+#
+my $conf_file =3D "../Include/openssl/opensslconf.h";
+my @conf_raw =3D ();
+my @conditional_define =3D ();
+print "\n--> Updating conditional feature in $conf_file ... ";
+
+foreach my $pcd_name (keys(%conditional_feature)) {
+    push @conditional_define, "#if !FixedPcdGetBool ($pcd_name)\r\n";
+    foreach (@{$conditional_feature{$pcd_name}}) {
+        push @conditional_define, "# ifndef OPENSSL_NO_$_\r\n";
+        push @conditional_define, "#  define OPENSSL_NO_$_\r\n";
+        push @conditional_define, "# endif\r\n";
+    }
+    push @conditional_define, "#endif\r\n";
+}
+
+open( FD, "<" . $conf_file ) ||
+    die $conf_file;
+foreach (<FD>) {
+    # Insert conditional define to the begin of opensslconf.h
+    if ($_ =3D~ "Autogenerated conditional openssl feature list starts her=
e") {
+        push @conf_raw, $_, @conditional_define;
+        $subbing =3D 1;
+        next;
+    }
+    if ($_ =3D~ "Autogenerated conditional openssl feature list ends here"=
) {
+        push @conf_raw, $_;
+        $subbing =3D 0;
+        next;
+    }
+    push @conf_raw, $_
+        unless ($subbing);
+}
+close(FD) ||
+    die $conf_file;
+
+open( FD, ">" . $conf_file ) ||
+    die $conf_file;
+print( FD @conf_raw ) ||
+    die $conf_file;
+close(FD) ||
+    die $conf_file;
 print "Done!\n";
=20
 print "\nProcessing Files Done!\n";
--=20
2.31.1.windows.1



-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#89643): https://edk2.groups.io/g/devel/message/89643
Mute This Topic: https://groups.io/mt/91007896/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org]
-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-